Several major US newspapers suffered deliberate sabotage from a cyberattack that took down parts of their publishing and distribution. According to the available information, the incident happened last week and was caused by a virus infection. Exact details are not yet known; however, some online sources state that the cause is a ransomware infection on servers owned by the Tribune Publishing Company, which holds some of the major US newspapers, such as The Los Angeles Times, San Diego Union-Tribune, Chicago Tribune and Baltimore Sun.
Major US Newspapers Sabotaged By Unknown Malicious Actor
The end of the year marks one of the largest security incidents against media in the US, with the targeted attack against the Tribune Publishing Company. The available information so far reports that the editions the company publishes and distributes were sabotaged: The Los Angeles Times, San Diego Union-Tribune, Chicago Tribune and Baltimore Sun. The source of the attack has not been officially confirmed so far; however, there are two main hypotheses.
The first is that it was caused by a ransomware infection from an unknown source. At the time of writing, several news reports indicate that this is the most likely reason. This type of malware is capable of destroying all data files and locking access to certain system data used to carry out production and distribution activities. The other possibility is that this is due to a system failure in the company's facilities. The security incident analysis has been able to confirm a deliberate ransomware infection with the Ryuk ransomware.
As soon as readers and subscribers of the editions noticed the problem, the associated newspapers published apologies on their Twitter profiles.
If you're one of our print subscribers, it's likely you didn't receive your paper today. We are incredibly sorry for the inconvenience. Here's what happened to cause the delays: https://t.co/XsBAk0TWqk
— Los Angeles Times (@latimes) December 29, 2018
The LA Times reports that the core issue was a virus infection that targeted critical infrastructure and that its main goal is to steal valuable data. Because the attack involves some of the major newspapers in the US, it is believed that the source of the attacks may be a foreign state. The review of the systems so far shows that no information was compromised. Data that could have been accessed includes the following: subscribers' personal information, online users and advertising clients. The investigation into the exact identity of the criminals is still ongoing.